New FAA Proposal Aims to Close Gaps in Aircraft Cybersecurity

New FAA Proposal Aims to Close Gaps in Aircraft Cybersecurity

Penka Hristovska Penka Hristovska
Published on: August 23, 2024 Senior Editor

The Federal Aviation Administration (FAA) has put forward a new set of proposed rules this week to enhance the cybersecurity of airplanes, engines, and propellers.  The move is part of a broader effort to protect modern aircraft from unauthorized electronic access.

The new rules would essentially standardize what the FAA refers to as “special conditions,” which are temporary regulations applied on a case-by-case basis.

“This proposed rulemaking package codifies the substantive requirements of frequently-issued cybersecurity special conditions to address these issues,” said acting Executive Director of the FAA’s Aircraft Certification Service Wesley Mooty, who added the proposal to the federal register.

He argued that recent reviews of FAA regulators discovered the rules they’re currently following are “inadequate and inappropriate to address the cybersecurity vulnerabilities caused by increased interconnectivity.”

Under the proposed standards, applicants seeking design approval for transport category airplanes, engines, and propellers will be required to identify, evaluate, and address cybersecurity risks. The regulations will cover both new and modified aircraft systems, ensuring that cybersecurity protections are built into aviation products from design through their entire lifecycle.

“The substance of the proposed rules would generally reflect current practice (e.g., special conditions) that the FAA has used to address product cybersecurity since 2009,” and their impact, essentially wouldn’t be “significant,” Mooty said.

The proposal comes in response to significant shifts in airplane design, where aircraft, engines, and propellers are now more frequently linked to internal and external data networks and services.

Potential threats include maintenance laptops used for aircraft checks, networks operated by airports and airline gates, wireless aircraft sensors, sensor networks, cellular networks, connected devices, satellite communications, GPS, and other related technologies.

The proposed changes are set to be integrated into Title 14 of the Code of Federal Regulations, specifically targeting parts 25, 33, and 35. These sections outline the airworthiness standards for airplanes, aircraft engines, and propellers.

Source of Article